This application claims priority from previously filed Canadian application serial number 2,228,687 filed on Feb. 4, 1998.
This invention relates generally to communications networks and more particularly to a secured virtual private network (SVPN).
In general form, computer networks are composed of a set of resource entities such as servers, printers, gateways, modems, etc.; a set of requestor entities such as users, user groups, and programs that access resources to retrieve data or manage resources; and means of communicating between the two sets of entities including, for example the network itself, routers, protocols, etc. Network nodes often belong to more than one of the above sets. The relationship between the resource entity set and the requestor entity set is often subject to a set of rules hereinafter referred to as xe2x80x9cnetwork policies.xe2x80x9d Network policies also comprise, for example, information regarding behavior of resources.
Network security data is a very common form of network policy data. Network security data may be considered as a collection of data records stored in an electronic medium. Records may contain any data item regarding requesters, resources, or the relationship therebetween. Examples of such records include: access rights, logging of successful or unsuccessful access to a device, billing of usage to a user""s cost center, user password expiration date, restriction of access to certain hours, restriction of access to users physically located within a building, device status information, time related routing information, and so forth.
Network entities may query the policy database and determine actions to conform to the policy. For example, Windows 95(copyright) allows a user to disable or enable dial-up access. Depending on the configuration settingsxe2x80x94policiesxe2x80x94dial-up access is permitted or restricted. Also, user identities may be verified by information in the policy database. This data commonly relates to access codes or passwords. Users may create or receive access keys allowing them access to a predetermined set of resources. Many implementations exist for this conceptual policy database. Examples of such arrangements are Windows NT(copyright) domain administration system and Unix(copyright) Network Information Service (NIS). Those systems however, suffer an inherent weakness: if the policy database is compromised, the network security as a whole is compromised. Therefore, common practice restricts policy database modifications to local or highly secure access only. The benefits of a secure policy database having remote administration capabilities are obvious. Also, a more flexible policy implementation system would be beneficial. Generally policies are stored and implemented local to a single system. Referring to the example of the Windows 95(copyright) operating system, all policies are executed local to the system such that access is permitted or denied on the one computer system and storage media and peripherals connected thereto. This type of architecture increases system security, often at the expense of flexibility.
Connecting geographically separate computer systems or networks together is a common business need. Often the best interface for such a connection is for the remote system or network to appear as if it were on the local network. In many cases the most cost-effective medium for connecting remote systems is a public network such as the Internet, public switched telephone networks or other common carrier data networks. A common method for providing a network-like connection using a public network is known as Virtual Private Network (VPN). Basically, a VPN provides a means of transparent communication through a public network. This results in remote workstations and/or remote sections of the network appearing physically connected to the network through dedicated communication cables. Users using workstations at different physical locations separated by the public network are often provided with little indication of the public networkxe2x80x94to them, the public network is merely another xe2x80x9ccable.xe2x80x9d
In many cases VPNs compromise data security and integrity by exposing network communications and networks involved to unauthorized intrusion. In order to increase security the Internet Engineering Task Force (IETF) has developed the IPSEC standard. IPSEC is an extension to TCP/IP that utilizes data encryption methods and digital certificates mechanisms to positively verify an identity of a user or a workstation. While the IPSEC is specific to the TCP/IP protocol suite, the certificates, encryption mechanisms and general principles stipulated in IPSEC are also applicable to other computer communication networks. Implementation of IPSEC results in a Secure Virtual Private Network or SVPN.
The common implementation of a secured VPN calls for a security gateway to be placed at the interface point between the secured network and the public, unsecured network. Data and access rights on the secured side of the security gateway are controlled using conventional network access control methods while data flow to and from the unsecured network is encrypted and controlled by the gateway. Data is permitted to flow between the secured and unsecured networks according to network policies.
Part of the IETF development relies on digital certificates. A digital certificate is a method that binds an identity to a public key and optionally added information. Certification occurs in conjunction with a certificate authority (CA), a computer system trusted and capable of tagging the original sender public key for later verification. For example, the key is encrypted using a private key of the CA and using its associated public key, the data is decrypted. This verifies that the data was encoded by the CA. Certificates and certificate authorities are well known in the art, one method of which has been codified in international standard X.509 (ITU 1993, ISO/IEC 9594-8). For the purpose of this document the deposition of information to create a digital certificate is referred to as certification and verification that certified data was certified by the trusted CA is referred to as verification or authentication.
Unfortunately, many commonly available network policy features are not available using SVPN""s. Also, flexibility is often compromised to ensure security and vice versa. For example, when a single network administrator or group cannot securely administer an entire network due to network complexity, network administration is decentralized and the weakest network security becomes the level of security for the network; when the network has many sub-networks all joined through the internet, this often results in either a low level of security or very little flexibility.
It would be advantageous to provide a high degree of flexibility, and a broad range of network features, while maintaining high level of security in a VPN environment.
The current invention seeks to increase flexibility in configuration of a network, a VPN or a SVPN while providing very high security levels. The invention achieves that goal by utilizing digital certificates for storage and transport of network policies.
While certificates are well known for identification and authentication of a user identity, the invention utilizes certificates to store policy related data, and thus implements a network policy system using digital certificates. These certificates are referred to as attribute certificates. Attribute certificates certifies data or attributes instead of a public key. By using an attribute certificate containing similar policy data the invention allows each valid policy data record to be verified as coming from an authorized network manager, and thus valid for implementation on the network. This prevents insertion of fake policy records into the database and thus significantly increases network security. Additionally, the association of policy records with persons authorized to issue those records, (i.e. network managers) is guaranteed by the Certificate Authority (CA) when desired. This allows secure network policy management to be conducted from remote sites. Storing the policy in a central database allows the network manager to easily change the policy, and have changes take effect immediately over the whole network.
In accordance with the invention, there is provided a method for implementing computer-networking security in a computer network having at least one secured network coupled with an unsecured network via a security gateway, at least one requestor connected to said unsecured network and at least one resource connected to the secured computer network, the method comprising the steps of: retrieving from a digital storage medium network security information, the network security information associated with a digital certificate; determining authenticity of the digital certificate; and, performing actions to conform with the network security information associated with the digital certificates when said certificate is authenticated.
These methods allow for significantly increased flexibility especially when applied to SVPN""s. Since the policy information is certified it may be transferred over non-secured networks without significantly impacting network security. Thus secured remote configuration of networks, easy subnet operations, and even remote configuration of individual workstations residing in or out of a secured network is made possible.